PluginProbe ʕ •ᴥ•ʔ
GiveWP – Donation Plugin and Fundraising Platform / 2.2.4
GiveWP – Donation Plugin and Fundraising Platform v2.2.4
4.16.2 4.16.1 4.16.0 4.15.5 4.15.4 4.15.3 4.15.2 4.15.1 4.15.0 2.3.0 2.3.1 2.3.2 2.30.0 2.31.0 2.31.1 2.32.0 2.33.0 2.33.1 2.33.2 2.33.3 2.33.4 2.33.5 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.4.6 2.4.7 2.5.0 2.5.1 2.5.10 2.5.11 2.5.12 2.5.13 2.5.2 2.5.3 2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.6.0 2.6.1 2.6.2 2.6.3 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.8.0 2.8.1 2.9.0 2.9.1 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.1.0 3.1.1 3.1.2 3.10.0 3.11.0 3.12.0 3.12.1 3.12.2 3.12.3 3.13.0 3.14.0 3.14.1 3.14.2 3.15.0 3.15.1 3.16.0 3.16.1 3.16.2 3.16.3 3.16.4 3.16.5 3.17.0 3.17.1 3.17.2 3.18.0 3.19.0 3.19.1 3.19.2 3.19.3 3.19.4 3.2.0 3.2.1 3.2.2 3.20.0 3.21.0 3.21.1 3.22.0 3.22.1 3.22.2 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.5.1 3.6.0 3.6.1 3.6.2 3.7.0 3.8.0 3.9.0 4.0.0 4.1.0 4.1.1 4.10.0 4.10.1 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.14.5 4.14.6 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.1 4.7.0 4.7.1 4.8.0 4.8.1 4.9.0 trunk 1.9.0 2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.12.1 2.12.2 2.12.3 2.13.0 2.13.1 2.13.2 2.13.3 2.13.4 2.14.0 2.15.0 2.16.0 2.16.1 2.17.0 2.17.1 2.17.3 2.18.0 2.18.1 2.19.1 2.19.2 2.19.3 2.19.4 2.19.5 2.19.6 2.19.7 2.19.8 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.20.0 2.20.1 2.20.2 2.21.0 2.21.1 2.21.2 2.21.3 2.21.4 2.22.0 2.22.1 2.22.2 2.22.3 2.23.0 2.23.1 2.23.2 2.24.0 2.24.1 2.24.2 2.25.0 2.25.1 2.25.2 2.25.3 2.26.0 2.27.0 2.27.1 2.27.2 2.27.3 2.28.0 2.29.0 2.29.1 2.29.2
give / includes / process-donation.php
give / includes Last commit date
admin 7 years ago api 7 years ago deprecated 7 years ago donors 7 years ago emails 7 years ago forms 7 years ago gateways 7 years ago libraries 7 years ago payments 7 years ago actions.php 7 years ago ajax-functions.php 7 years ago class-give-async-process.php 8 years ago class-give-background-updater.php 7 years ago class-give-cache.php 7 years ago class-give-cli-commands.php 8 years ago class-give-comment.php 7 years ago class-give-cron.php 8 years ago class-give-db-donor-meta.php 8 years ago class-give-db-donors.php 7 years ago class-give-db-form-meta.php 8 years ago class-give-db-logs-meta.php 8 years ago class-give-db-logs.php 7 years ago class-give-db-meta.php 7 years ago class-give-db-payment-meta.php 7 years ago class-give-db-sequential-ordering.php 7 years ago class-give-db-sessions.php 7 years ago class-give-db.php 7 years ago class-give-donate-form.php 8 years ago class-give-donor-wall-widget.php 7 years ago class-give-donor.php 7 years ago class-give-email-access.php 7 years ago class-give-html-elements.php 7 years ago class-give-license-handler.php 7 years ago class-give-logging.php 8 years ago class-give-readme-parser.php 8 years ago class-give-roles.php 8 years ago class-give-scripts.php 7 years ago class-give-session.php 7 years ago class-give-stats.php 8 years ago class-give-template-loader.php 8 years ago class-give-tooltips.php 8 years ago class-give-translation.php 8 years ago class-notices.php 7 years ago country-functions.php 8 years ago currency-functions.php 7 years ago error-tracking.php 8 years ago filters.php 7 years ago formatting.php 7 years ago import-functions.php 7 years ago install.php 7 years ago login-register.php 8 years ago misc-functions.php 7 years ago plugin-compatibility.php 8 years ago post-types.php 8 years ago price-functions.php 7 years ago process-donation.php 7 years ago shortcodes.php 7 years ago template-functions.php 8 years ago user-functions.php 7 years ago
process-donation.php
1488 lines
1 <?php
2 /**
3 * Process Donation
4 *
5 * @package Give
6 * @subpackage Functions
7 * @copyright Copyright (c) 2016, WordImpress
8 * @license https://opensource.org/licenses/gpl-license GNU Public License
9 * @since 1.0
10 */
11
12 // Exit if accessed directly.
13 if ( ! defined( 'ABSPATH' ) ) {
14 exit;
15 }
16
17 /**
18 * Process Donation Form
19 *
20 * Handles the donation form process.
21 *
22 * @access private
23 * @since 1.0
24 *
25 * @throws ReflectionException Exception Handling.
26 *
27 * @return mixed
28 */
29 function give_process_donation_form() {
30
31 // Sanitize Posted Data.
32 $post_data = give_clean( $_POST ); // WPCS: input var ok, CSRF ok.
33
34 // Check whether the form submitted via AJAX or not.
35 $is_ajax = isset( $post_data['give_ajax'] );
36
37 // Verify donation form nonce.
38 if ( ! give_verify_donation_form_nonce( $post_data['give-form-hash'], $post_data['give-form-id'] ) ) {
39 if ( $is_ajax ) {
40 /**
41 * Fires when AJAX sends back errors from the donation form.
42 *
43 * @since 1.0
44 */
45 do_action( 'give_ajax_donation_errors' );
46 give_die();
47 } else {
48 give_send_back_to_checkout();
49 }
50 }
51
52 /**
53 * Fires before processing the donation form.
54 *
55 * @since 1.0
56 */
57 do_action( 'give_pre_process_donation' );
58
59 // Validate the form $_POST data.
60 $valid_data = give_donation_form_validate_fields();
61
62 /**
63 * Fires after validating donation form fields.
64 *
65 * Allow you to hook to donation form errors.
66 *
67 * @since 1.0
68 *
69 * @param bool|array $valid_data Validate fields.
70 * @param array $deprecated Deprecated Since 2.0.2. Use $_POST instead.
71 */
72 $deprecated = $post_data;
73 do_action( 'give_checkout_error_checks', $valid_data, $deprecated );
74
75 // Process the login form.
76 if ( isset( $post_data['give_login_submit'] ) ) {
77 give_process_form_login();
78 }
79
80 // Validate the user.
81 $user = give_get_donation_form_user( $valid_data );
82
83 if ( false === $valid_data || give_get_errors() || ! $user ) {
84 if ( $is_ajax ) {
85 /**
86 * Fires when AJAX sends back errors from the donation form.
87 *
88 * @since 1.0
89 */
90 do_action( 'give_ajax_donation_errors' );
91 give_die();
92 } else {
93 return false;
94 }
95 }
96
97 // If AJAX send back success to proceed with form submission.
98 if ( $is_ajax ) {
99 echo 'success';
100 give_die();
101 }
102
103 /**
104 * Fires action after donation form field validated.
105 *
106 * @since 2.2.0
107 */
108 do_action( 'give_process_donation_after_validation' );
109
110 // Setup user information.
111 $user_info = array(
112 'id' => $user['user_id'],
113 'title' => $user['user_title'],
114 'email' => $user['user_email'],
115 'first_name' => $user['user_first'],
116 'last_name' => $user['user_last'],
117 'address' => $user['address'],
118 );
119
120 $auth_key = defined( 'AUTH_KEY' ) ? AUTH_KEY : '';
121
122 // Donation form ID.
123 $form_id = isset( $post_data['give-form-id'] ) ? absint( $post_data['give-form-id'] ) : 0;
124
125 $price = isset( $post_data['give-amount'] ) ?
126 (float) apply_filters( 'give_donation_total', give_maybe_sanitize_amount( $post_data['give-amount'], array( 'currency' => give_get_currency( $form_id ) ) ) ) :
127 '0.00';
128 $purchase_key = strtolower( md5( $user['user_email'] . date( 'Y-m-d H:i:s' ) . $auth_key . uniqid( 'give', true ) ) );
129
130 /**
131 * Update donation Purchase key.
132 *
133 * Use this filter to update default donation purchase key
134 * and add prefix in Invoice.
135 *
136 * @since 2.2.4
137 *
138 * @param string $purchase_key
139 * @param string $gateway
140 * @param string $purchase_key
141 *
142 * @return string $purchase_key
143 */
144 $purchase_key = apply_filters(
145 'give_donation_purchase_key',
146 $purchase_key,
147 $valid_data['gateway'],
148 // Use this purchase key value if you want to generate custom donation purchase key
149 // because donation purchase key editable by filters and you may get unedited donation purchase key.
150 $purchase_key
151 );
152
153 // Setup donation information.
154 $donation_data = array(
155 'price' => $price,
156 'purchase_key' => $purchase_key,
157 'user_email' => $user['user_email'],
158 'date' => date( 'Y-m-d H:i:s', current_time( 'timestamp' ) ),
159 'user_info' => stripslashes_deep( $user_info ),
160 'post_data' => $post_data,
161 'gateway' => $valid_data['gateway'],
162 'card_info' => $valid_data['cc_info'],
163 );
164
165 // Add the user data for hooks.
166 $valid_data['user'] = $user;
167
168 /**
169 * Fires before donation form gateway.
170 *
171 * Allow you to hook to donation form before the gateway.
172 *
173 * @since 1.0
174 *
175 * @param array $post_data Array of variables passed via the HTTP POST.
176 * @param array $user_info Array containing basic user information.
177 * @param bool|array $valid_data Validate fields.
178 */
179 do_action( 'give_checkout_before_gateway', $post_data, $user_info, $valid_data );
180
181 // Sanity check for price.
182 if ( ! $donation_data['price'] ) {
183 // Revert to manual.
184 $donation_data['gateway'] = 'manual';
185 $_POST['give-gateway'] = 'manual';
186 }
187
188 /**
189 * Allow the donation data to be modified before it is sent to the gateway.
190 *
191 * @since 1.7
192 */
193 $donation_data = apply_filters( 'give_donation_data_before_gateway', $donation_data, $valid_data );
194
195 // Setup the data we're storing in the donation session.
196 $session_data = $donation_data;
197
198 // Make sure credit card numbers are never stored in sessions.
199 unset( $session_data['card_info']['card_number'] );
200 unset( $session_data['post_data']['card_number'] );
201
202 // Used for showing data to non logged-in users after donation, and for other plugins needing donation data.
203 give_set_purchase_session( $session_data );
204
205 // Send info to the gateway for payment processing.
206 give_send_to_gateway( $donation_data['gateway'], $donation_data );
207 give_die();
208 }
209
210 add_action( 'give_purchase', 'give_process_donation_form' );
211 add_action( 'wp_ajax_give_process_donation', 'give_process_donation_form' );
212 add_action( 'wp_ajax_nopriv_give_process_donation', 'give_process_donation_form' );
213
214 /**
215 * Verify that when a logged in user makes a donation that the email address used doesn't belong to a different customer.
216 *
217 * @since 1.7
218 *
219 * @param array $valid_data Validated data submitted for the donation.
220 *
221 * @return void
222 */
223 function give_check_logged_in_user_for_existing_email( $valid_data ) {
224
225 // Verify that the email address belongs to this customer.
226 if ( is_user_logged_in() ) {
227
228 $submitted_email = $valid_data['logged_in_user']['user_email'];
229 $donor = new Give_Donor( get_current_user_id(), true );
230
231 // If this email address is not registered with this customer, see if it belongs to any other customer.
232 if (
233 $submitted_email !== $donor->email
234 && ( is_array( $donor->emails ) && ! in_array( $submitted_email, $donor->emails, true ) )
235 ) {
236 $found_donor = new Give_Donor( $submitted_email );
237
238 if ( $found_donor->id > 0 ) {
239 give_set_error(
240 'give-customer-email-exists',
241 sprintf(
242 /* translators: 1. Donor Email, 2. Submitted Email */
243 __( 'You are logged in as %1$s, and are submitting a donation as %2$s, which is an existing donor. To ensure that the email address is tied to the correct donor, please submit this donation from a logged-out browser, or choose another email address.', 'give' ),
244 $donor->email,
245 $submitted_email
246 )
247 );
248 }
249 }
250 }
251 }
252
253 add_action( 'give_checkout_error_checks', 'give_check_logged_in_user_for_existing_email', 10, 1 );
254
255 /**
256 * Process the checkout login form
257 *
258 * @access private
259 * @since 1.0
260 *
261 * @return void
262 */
263 function give_process_form_login() {
264
265 $is_ajax = ! empty( $_POST['give_ajax'] ) ? give_clean( $_POST['give_ajax'] ) : 0; // WPCS: input var ok, sanitization ok, CSRF ok.
266 $referrer = wp_get_referer();
267 $user_data = give_donation_form_validate_user_login();
268
269 if ( give_get_errors() || $user_data['user_id'] < 1 ) {
270 if ( $is_ajax ) {
271 /**
272 * Fires when AJAX sends back errors from the donation form.
273 *
274 * @since 1.0
275 */
276 ob_start();
277 do_action( 'give_ajax_donation_errors' );
278 $message = ob_get_contents();
279 ob_end_clean();
280 wp_send_json_error( $message );
281 } else {
282 wp_safe_redirect( $referrer );
283 exit;
284 }
285 }
286
287 give_log_user_in( $user_data['user_id'], $user_data['user_login'], $user_data['user_pass'] );
288
289 if ( $is_ajax ) {
290 $message = Give()->notices->print_frontend_notice(
291 sprintf(
292 /* translators: %s: user first name */
293 esc_html__( 'Welcome %s! You have successfully logged into your account.', 'give' ),
294 ( ! empty( $user_data['user_first'] ) ) ? $user_data['user_first'] : $user_data['user_login']
295 ),
296 false,
297 'success'
298 );
299
300 wp_send_json_success( $message );
301 } else {
302 wp_safe_redirect( $referrer );
303 }
304 }
305
306 add_action( 'wp_ajax_give_process_donation_login', 'give_process_form_login' );
307 add_action( 'wp_ajax_nopriv_give_process_donation_login', 'give_process_form_login' );
308
309 /**
310 * Donation Form Validate Fields.
311 *
312 * @access private
313 * @since 1.0
314 *
315 * @return bool|array
316 */
317 function give_donation_form_validate_fields() {
318
319 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
320
321 // Validate Honeypot First.
322 if ( ! empty( $post_data['give-honeypot'] ) ) {
323 give_set_error( 'invalid_honeypot', esc_html__( 'Honeypot field detected. Go away bad bot!', 'give' ) );
324 }
325
326 // Check spam detect.
327 if (
328 isset( $post_data['action'] ) &&
329 give_is_setting_enabled( give_get_option( 'akismet_spam_protection' ) ) &&
330 give_is_spam_donation()
331 ) {
332 give_set_error( 'spam_donation', __( 'This donation has been flagged as spam. Please try again.', 'give' ) );
333 }
334
335 // Start an array to collect valid data.
336 $valid_data = array(
337 'gateway' => give_donation_form_validate_gateway(), // Gateway fallback (amount is validated here).
338 'need_new_user' => false, // New user flag.
339 'need_user_login' => false, // Login user flag.
340 'logged_user_data' => array(), // Logged user collected data.
341 'new_user_data' => array(), // New user collected data.
342 'login_user_data' => array(), // Login user collected data.
343 'guest_user_data' => array(), // Guest user collected data.
344 'cc_info' => give_donation_form_validate_cc(), // Credit card info.
345 );
346
347 $form_id = intval( $post_data['give-form-id'] );
348
349 // Validate agree to terms.
350 if ( give_is_terms_enabled( $form_id ) ) {
351 give_donation_form_validate_agree_to_terms();
352 }
353
354 if ( is_user_logged_in() ) {
355
356 // Collect logged in user data.
357 $valid_data['logged_in_user'] = give_donation_form_validate_logged_in_user();
358 } elseif (
359 isset( $post_data['give-purchase-var'] ) &&
360 'needs-to-register' === $post_data['give-purchase-var'] &&
361 ! empty( $post_data['give_create_account'] )
362 ) {
363
364 // Set new user registration as required.
365 $valid_data['need_new_user'] = true;
366
367 // Validate new user data.
368 $valid_data['new_user_data'] = give_donation_form_validate_new_user();
369 } elseif (
370 isset( $post_data['give-purchase-var'] ) &&
371 'needs-to-login' === $post_data['give-purchase-var']
372 ) {
373
374 // Set user login as required.
375 $valid_data['need_user_login'] = true;
376
377 // Validate users login info.
378 $valid_data['login_user_data'] = give_donation_form_validate_user_login();
379 } else {
380
381 // Not registering or logging in, so setup guest user data.
382 $valid_data['guest_user_data'] = give_donation_form_validate_guest_user();
383 }
384
385 // Return collected data.
386 return $valid_data;
387 }
388
389 /**
390 * Detect spam donation.
391 *
392 * @since 1.8.14
393 *
394 * @return bool|mixed
395 */
396 function give_is_spam_donation() {
397 $spam = false;
398
399 $user_agent = (string) isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';
400
401 if ( strlen( $user_agent ) < 2 ) {
402 $spam = true;
403 }
404
405 // Allow developer to customized Akismet spam detect API call and it's response.
406 return apply_filters( 'give_spam', $spam );
407 }
408
409 /**
410 * Donation Form Validate Gateway
411 *
412 * Validate the gateway and donation amount.
413 *
414 * @access private
415 * @since 1.0
416 *
417 * @return string
418 */
419 function give_donation_form_validate_gateway() {
420
421 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
422 $form_id = ! empty( $post_data['give-form-id'] ) ? $post_data['give-form-id'] : 0;
423 $amount = ! empty( $post_data['give-amount'] ) ? give_maybe_sanitize_amount( $post_data['give-amount'] ) : 0;
424 $gateway = ! empty( $post_data['give-gateway'] ) ? $post_data['give-gateway'] : 0;
425
426 // Bailout, if payment gateway is not submitted with donation form data.
427 if ( empty( $gateway ) ) {
428
429 give_set_error( 'empty_gateway', __( 'The donation form will process with a valid payment gateway.', 'give' ) );
430
431 } elseif ( ! give_is_gateway_active( $gateway ) ) {
432
433 give_set_error( 'invalid_gateway', __( 'The selected payment gateway is not enabled.', 'give' ) );
434
435 } elseif ( empty( $amount ) ) {
436
437 give_set_error( 'invalid_donation_amount', __( 'Please insert a valid donation amount.', 'give' ) );
438
439 } elseif ( ! give_verify_minimum_price( 'minimum' ) ) {
440
441 give_set_error(
442 'invalid_donation_minimum',
443 sprintf(
444 /* translators: %s: minimum donation amount */
445 __( 'This form has a minimum donation amount of %s.', 'give' ),
446 give_currency_filter(
447 give_format_amount( give_get_form_minimum_price( $form_id ),
448 array(
449 'sanitize' => false,
450 )
451 )
452 )
453 )
454 );
455 } elseif ( ! give_verify_minimum_price( 'maximum' ) ) {
456
457 give_set_error(
458 'invalid_donation_maximum',
459 sprintf(
460 /* translators: %s: Maximum donation amount */
461 __( 'This form has a maximum donation amount of %s.', 'give' ),
462 give_currency_filter(
463 give_format_amount( give_get_form_maximum_price( $form_id ),
464 array(
465 'sanitize' => false,
466 )
467 )
468 )
469 )
470 );
471 } // End if().
472
473 return $gateway;
474
475 }
476
477 /**
478 * Donation Form Validate Minimum or Maximum Donation Amount
479 *
480 * @access private
481 * @since 1.3.6
482 * @since 2.1 Added support for give maximum amount.
483 * @since 2.1.3 Added new filter to modify the return value.
484 *
485 * @param string $amount_range Which amount needs to verify? minimum or maximum.
486 *
487 * @return bool
488 */
489 function give_verify_minimum_price( $amount_range = 'minimum' ) {
490
491 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
492 $form_id = ! empty( $post_data['give-form-id'] ) ? $post_data['give-form-id'] : 0;
493 $amount = ! empty( $post_data['give-amount'] ) ? give_maybe_sanitize_amount( $post_data['give-amount'], array( 'currency' => give_get_currency( $form_id ) ) ) : 0;
494 $price_id = isset( $post_data['give-price-id'] ) ? absint( $post_data['give-price-id'] ) : '';
495
496 $variable_prices = give_has_variable_prices( $form_id );
497 $price_ids = array_map( 'absint', give_get_variable_price_ids( $form_id ) );
498 $verified_stat = false;
499
500 if ( $variable_prices && in_array( $price_id, $price_ids, true ) ) {
501
502 $price_level_amount = give_get_price_option_amount( $form_id, $price_id );
503
504 if ( $price_level_amount == $amount ) {
505 $verified_stat = true;
506 }
507 }
508
509 if ( ! $verified_stat ) {
510 switch ( $amount_range ) {
511 case 'minimum' :
512 $verified_stat = ( give_get_form_minimum_price( $form_id ) > $amount ) ? false : true;
513 break;
514 case 'maximum' :
515 $verified_stat = ( give_get_form_maximum_price( $form_id ) < $amount ) ? false : true;
516 break;
517 }
518 }
519
520 /**
521 * Filter the verify amount
522 *
523 * @since 2.1.3
524 *
525 * @param bool $verified_stat Was verification passed or not?
526 * @param string $amount_range Type of the amount.
527 * @param integer $form_id Give Donation Form ID.
528 */
529 return apply_filters( 'give_verify_minimum_maximum_price', $verified_stat, $amount_range, $form_id );
530 }
531
532 /**
533 * Donation form validate agree to "Terms and Conditions".
534 *
535 * @access private
536 * @since 1.0
537 *
538 * @return void
539 */
540 function give_donation_form_validate_agree_to_terms() {
541
542 $agree_to_terms = ! empty( $_POST['give_agree_to_terms'] ) ? give_clean( $_POST['give_agree_to_terms'] ) : 0; // WPCS: input var ok, sanitization ok, CSRF ok.
543
544 // Proceed only, if donor agreed to terms.
545 if ( ! $agree_to_terms ) {
546
547 // User did not agree.
548 give_set_error( 'agree_to_terms', apply_filters( 'give_agree_to_terms_text', __( 'You must agree to the terms and conditions.', 'give' ) ) );
549 }
550 }
551
552 /**
553 * Donation Form Required Fields.
554 *
555 * @access private
556 * @since 1.0
557 *
558 * @param int $form_id Donation Form ID.
559 *
560 * @return array
561 */
562 function give_get_required_fields( $form_id ) {
563
564 $payment_mode = give_get_chosen_gateway( $form_id );
565
566 $required_fields = array(
567 'give_email' => array(
568 'error_id' => 'invalid_email',
569 'error_message' => __( 'Please enter a valid email address.', 'give' ),
570 ),
571 'give_first' => array(
572 'error_id' => 'invalid_first_name',
573 'error_message' => __( 'Please enter your first name.', 'give' ),
574 ),
575 );
576
577 $name_title_prefix = give_is_name_title_prefix_required( $form_id );
578 if ( $name_title_prefix ) {
579 $required_fields['give_title'] = array(
580 'error_id' => 'invalid_title',
581 'error_message' => __( 'Please enter your title.', 'give' ),
582 );
583 }
584
585 $require_address = give_require_billing_address( $payment_mode );
586
587 if ( $require_address ) {
588 $required_fields['card_address'] = array(
589 'error_id' => 'invalid_card_address',
590 'error_message' => __( 'Please enter your primary billing address.', 'give' ),
591 );
592 $required_fields['card_zip'] = array(
593 'error_id' => 'invalid_zip_code',
594 'error_message' => __( 'Please enter your zip / postal code.', 'give' ),
595 );
596 $required_fields['card_city'] = array(
597 'error_id' => 'invalid_city',
598 'error_message' => __( 'Please enter your billing city.', 'give' ),
599 );
600 $required_fields['billing_country'] = array(
601 'error_id' => 'invalid_country',
602 'error_message' => __( 'Please select your billing country.', 'give' ),
603 );
604
605
606 $required_fields['card_state'] = array(
607 'error_id' => 'invalid_state',
608 'error_message' => __( 'Please enter billing state / province / County.', 'give' ),
609 );
610
611 $country = ! empty( $_POST['billing_country'] ) ? give_clean( $_POST['billing_country'] ) : 0; // WPCS: input var ok, sanitization ok, CSRF ok.
612
613 // Check if billing country already exists.
614 if ( $country ) {
615
616 // Get the country list that does not required any states init.
617 $states_country = give_states_not_required_country_list();
618
619 // Check if states is empty or not.
620 if ( array_key_exists( $country, $states_country ) ) {
621 // If states is empty remove the required fields of state in billing cart.
622 unset( $required_fields['card_state'] );
623 }
624 }
625 } // End if().
626
627 if ( give_is_company_field_enabled( $form_id ) ) {
628 $form_option = give_get_meta( $form_id, '_give_company_field', true );
629 $global_setting = give_get_option( 'company_field' );
630
631 $is_company_field_required = false;
632
633 if ( ! empty( $form_option ) && give_is_setting_enabled( $form_option, array( 'required' ) ) ) {
634 $is_company_field_required = true;
635
636 } elseif ( 'global' === $form_option && give_is_setting_enabled( $global_setting, array( 'required' ) ) ) {
637 $is_company_field_required = true;
638
639 } elseif ( empty( $form_option ) && give_is_setting_enabled( $global_setting, array( 'required' ) ) ) {
640 $is_company_field_required = true;
641
642 }
643
644 if ( $is_company_field_required ) {
645 $required_fields['give_company_name'] = array(
646 'error_id' => 'invalid_company',
647 'error_message' => __( 'Please enter Company Name.', 'give' ),
648 );
649 }
650 }
651
652 /**
653 * Filters the donation form required field.
654 *
655 * @since 1.7
656 */
657 $required_fields = apply_filters( 'give_donation_form_required_fields', $required_fields, $form_id );
658
659 return $required_fields;
660
661 }
662
663 /**
664 * Check if the Billing Address is required
665 *
666 * @since 1.0.1
667 *
668 * @param string $payment_mode Payment Mode.
669 *
670 * @return bool
671 */
672 function give_require_billing_address( $payment_mode ) {
673
674 $return = false;
675 $billing_country = ! empty( $_POST['billing_country'] ) ? give_clean( $_POST['billing_country'] ) : 0; // WPCS: input var ok, sanitization ok, CSRF ok.
676
677 if ( $billing_country || did_action( "give_{$payment_mode}_cc_form" ) || did_action( 'give_cc_form' ) ) {
678 $return = true;
679 }
680
681 // Let payment gateways and other extensions determine if address fields should be required.
682 return apply_filters( 'give_require_billing_address', $return );
683
684 }
685
686 /**
687 * Donation Form Validate Logged In User.
688 *
689 * @access private
690 * @since 1.0
691 *
692 * @return array
693 */
694 function give_donation_form_validate_logged_in_user() {
695
696 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
697 $user_id = get_current_user_id();
698 $form_id = ! empty( $post_data['give-form-id'] ) ? $post_data['give-form-id'] : 0;
699
700 // Start empty array to collect valid user data.
701 $valid_user_data = array(
702
703 // Assume there will be errors.
704 'user_id' => - 1,
705 );
706
707 // Proceed on;y, if valid $user_id found.
708 if ( $user_id > 0 ) {
709
710 // Get the logged in user data.
711 $user_data = get_userdata( $user_id );
712
713 // Validate Required Form Fields.
714 give_validate_required_form_fields( $form_id );
715
716 // Verify data.
717 if ( is_object( $user_data ) && $user_data->ID > 0 ) {
718
719 // Collected logged in user data.
720 $valid_user_data = array(
721 'user_id' => $user_id,
722 'user_email' => ! empty( $post_data['give_email'] ) ? sanitize_email( $post_data['give_email'] ) : $user_data->user_email,
723 'user_first' => ! empty( $post_data['give_first'] ) ? $post_data['give_first'] : $user_data->first_name,
724 'user_last' => ! empty( $post_data['give_last'] ) ? $post_data['give_last'] : $user_data->last_name,
725 );
726
727 // Validate essential form fields.
728 give_donation_form_validate_name_fields( $post_data );
729
730 if ( ! is_email( $valid_user_data['user_email'] ) ) {
731 give_set_error( 'email_invalid', esc_html__( 'Invalid email.', 'give' ) );
732 }
733 } else {
734
735 // Set invalid user information error.
736 give_set_error( 'invalid_user', esc_html__( 'The user information is invalid.', 'give' ) );
737 }
738 }
739
740 // Return user data.
741 return $valid_user_data;
742 }
743
744 /**
745 * Donate Form Validate New User
746 *
747 * @access private
748 * @since 1.0
749 *
750 * @return array
751 */
752 function give_donation_form_validate_new_user() {
753 // Default user data.
754 $auto_generated_password = wp_generate_password();
755 $default_user_data = array(
756 'give-form-id' => '',
757 'user_id' => - 1, // Assume there will be errors.
758 'user_first' => '',
759 'user_last' => '',
760 'give_user_login' => false,
761 'give_email' => false,
762 'give_user_pass' => $auto_generated_password,
763 'give_user_pass_confirm' => $auto_generated_password,
764 );
765
766 // Get data.
767 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
768 $user_data = wp_parse_args( $post_data, $default_user_data );
769
770 $form_id = absint( $user_data['give-form-id'] );
771 $nonce = ! empty( $post_data['give-form-user-register-hash'] ) ? $post_data['give-form-user-register-hash'] : '';
772
773 // Validate user creation nonce.
774 if ( ! wp_verify_nonce( $nonce, "give_form_create_user_nonce_{$form_id}" ) ) {
775 give_set_error( 'invalid_nonce', __( 'Nonce verification has failed.', 'give' ) );
776 }
777
778 $registering_new_user = false;
779
780 give_donation_form_validate_name_fields( $user_data );
781
782 // Start an empty array to collect valid user data.
783 $valid_user_data = array(
784
785 // Assume there will be errors.
786 'user_id' => - 1,
787
788 // Get first name.
789 'user_first' => $user_data['give_first'],
790
791 // Get last name.
792 'user_last' => $user_data['give_last'],
793
794 // Get Password.
795 'user_pass' => $user_data['give_user_pass'],
796 );
797
798 // Validate Required Form Fields.
799 give_validate_required_form_fields( $form_id );
800
801 // Set Email as Username.
802 $valid_user_data['user_login'] = $user_data['give_email'];
803
804 // Check if we have an email to verify.
805 if ( give_validate_user_email( $user_data['give_email'], $registering_new_user ) ) {
806 $valid_user_data['user_email'] = $user_data['give_email'];
807 }
808
809 return $valid_user_data;
810 }
811
812 /**
813 * Donation Form Validate User Login
814 *
815 * @access private
816 * @since 1.0
817 *
818 * @return array
819 */
820 function give_donation_form_validate_user_login() {
821
822 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
823
824 // Start an array to collect valid user data.
825 $valid_user_data = array(
826
827 // Assume there will be errors.
828 'user_id' => - 1,
829 );
830
831 // Bailout, if Username is empty.
832 if ( empty( $post_data['give_user_login'] ) ) {
833 give_set_error( 'must_log_in', __( 'You must register or login to complete your donation.', 'give' ) );
834
835 return $valid_user_data;
836 }
837
838 // Get the user by login.
839 $user_data = get_user_by( 'login', strip_tags( $post_data['give_user_login'] ) );
840
841 // Check if user exists.
842 if ( $user_data ) {
843
844 // Get password.
845 $user_pass = ! empty( $post_data['give_user_pass'] ) ? $post_data['give_user_pass'] : false;
846
847 // Check user_pass.
848 if ( $user_pass ) {
849
850 // Check if password is valid.
851 if ( ! wp_check_password( $user_pass, $user_data->user_pass, $user_data->ID ) ) {
852
853 $current_page_url = site_url() . '/' . get_page_uri();
854
855 // Incorrect password.
856 give_set_error(
857 'password_incorrect',
858 sprintf(
859 '%1$s <a href="%2$s">%3$s</a>',
860 __( 'The password you entered is incorrect.', 'give' ),
861 wp_lostpassword_url( $current_page_url ),
862 __( 'Reset Password', 'give' )
863 )
864 );
865
866 } else {
867
868 // Repopulate the valid user data array.
869 $valid_user_data = array(
870 'user_id' => $user_data->ID,
871 'user_login' => $user_data->user_login,
872 'user_email' => $user_data->user_email,
873 'user_first' => $user_data->first_name,
874 'user_last' => $user_data->last_name,
875 'user_pass' => $user_pass,
876 );
877 }
878 } else {
879 // Empty password.
880 give_set_error( 'password_empty', __( 'Enter a password.', 'give' ) );
881 }
882 } else {
883 // No username.
884 give_set_error( 'username_incorrect', __( 'The username you entered does not exist.', 'give' ) );
885 } // End if().
886
887 return $valid_user_data;
888 }
889
890 /**
891 * Donation Form Validate Guest User
892 *
893 * @access private
894 * @since 1.0
895 *
896 * @return array
897 */
898 function give_donation_form_validate_guest_user() {
899
900 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
901 $form_id = ! empty( $post_data['give-form-id'] ) ? $post_data['give-form-id'] : 0;
902
903 // Start an array to collect valid user data.
904 $valid_user_data = array(
905 // Set a default id for guests.
906 'user_id' => 0,
907 );
908
909 // Validate name fields.
910 give_donation_form_validate_name_fields( $post_data );
911
912 // Validate Required Form Fields.
913 give_validate_required_form_fields( $form_id );
914
915 // Get the guest email.
916 $guest_email = ! empty( $post_data['give_email'] ) ? $post_data['give_email'] : false;
917
918 // Check email.
919 if ( $guest_email && strlen( $guest_email ) > 0 ) {
920
921 // Validate email.
922 if ( ! is_email( $guest_email ) ) {
923
924 // Invalid email.
925 give_set_error( 'email_invalid', __( 'Invalid email.', 'give' ) );
926
927 } else {
928
929 // All is good to go.
930 $valid_user_data['user_email'] = $guest_email;
931
932 // Get user_id from donor if exist.
933 $donor = new Give_Donor( $guest_email );
934
935 if ( $donor->id && $donor->user_id ) {
936 $valid_user_data['user_id'] = $donor->user_id;
937 }
938 }
939 } else {
940 // No email.
941 give_set_error( 'email_empty', __( 'Enter an email.', 'give' ) );
942 }
943
944 return $valid_user_data;
945 }
946
947 /**
948 * Register And Login New User
949 *
950 * @param array $user_data User Data.
951 *
952 * @access private
953 * @since 1.0
954 *
955 * @return integer
956 */
957 function give_register_and_login_new_user( $user_data = array() ) {
958 // Verify the array.
959 if ( empty( $user_data ) ) {
960 return - 1;
961 }
962
963 if ( give_get_errors() ) {
964 return - 1;
965 }
966
967 $user_args = apply_filters( 'give_insert_user_args', array(
968 'user_login' => isset( $user_data['user_login'] ) ? $user_data['user_login'] : '',
969 'user_pass' => isset( $user_data['user_pass'] ) ? $user_data['user_pass'] : '',
970 'user_email' => isset( $user_data['user_email'] ) ? $user_data['user_email'] : '',
971 'first_name' => isset( $user_data['user_first'] ) ? $user_data['user_first'] : '',
972 'last_name' => isset( $user_data['user_last'] ) ? $user_data['user_last'] : '',
973 'user_registered' => date( 'Y-m-d H:i:s' ),
974 'role' => give_get_option( 'donor_default_user_role', 'give_donor' ),
975 ), $user_data );
976
977 // Insert new user.
978 $user_id = wp_insert_user( $user_args );
979
980 // Validate inserted user.
981 if ( is_wp_error( $user_id ) ) {
982 return - 1;
983 }
984
985 // Allow themes and plugins to filter the user data.
986 $user_data = apply_filters( 'give_insert_user_data', $user_data, $user_args );
987
988 /**
989 * Fires after inserting user.
990 *
991 * @since 1.0
992 *
993 * @param int $user_id User id.
994 * @param array $user_data Array containing user data.
995 */
996 do_action( 'give_insert_user', $user_id, $user_data );
997
998 /**
999 * Filter allow user to alter if user when to login or not when user is register for the first time.
1000 *
1001 * @since 1.8.13
1002 *
1003 * return bool True if login with registration and False if only want to register.
1004 */
1005 if ( true === (bool) apply_filters( 'give_log_user_in_on_register', true ) ) {
1006 // Login new user.
1007 give_log_user_in( $user_id, $user_data['user_login'], $user_data['user_pass'] );
1008 }
1009
1010 // Return user id.
1011 return $user_id;
1012 }
1013
1014 /**
1015 * Get Donation Form User
1016 *
1017 * @param array $valid_data Valid Data.
1018 *
1019 * @access private
1020 * @since 1.0
1021 *
1022 * @return array|bool
1023 */
1024 function give_get_donation_form_user( $valid_data = array() ) {
1025
1026 // Initialize user.
1027 $user = false;
1028 $is_ajax = defined( 'DOING_AJAX' ) && DOING_AJAX;
1029 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
1030
1031 if ( $is_ajax ) {
1032
1033 // Do not create or login the user during the ajax submission (check for errors only).
1034 return true;
1035 } elseif ( is_user_logged_in() ) {
1036
1037 // Set the valid user as the logged in collected data.
1038 $user = $valid_data['logged_in_user'];
1039 } elseif ( true === $valid_data['need_new_user'] || true === $valid_data['need_user_login'] ) {
1040
1041 // New user registration.
1042 if ( true === $valid_data['need_new_user'] ) {
1043
1044 // Set user.
1045 $user = $valid_data['new_user_data'];
1046
1047 // Register and login new user.
1048 $user['user_id'] = give_register_and_login_new_user( $user );
1049
1050 } elseif ( true === $valid_data['need_user_login'] && ! $is_ajax ) {
1051
1052 /**
1053 * The login form is now processed in the give_process_donation_login() function.
1054 * This is still here for backwards compatibility.
1055 * This also allows the old login process to still work if a user removes the checkout login submit button.
1056 *
1057 * This also ensures that the donor is logged in correctly if they click "Donation" instead of submitting the login form, meaning the donor is logged in during the donation process.
1058 */
1059 $user = $valid_data['login_user_data'];
1060
1061 // Login user.
1062 give_log_user_in( $user['user_id'], $user['user_login'], $user['user_pass'] );
1063 }
1064 } // End if().
1065
1066 // Check guest checkout.
1067 if ( false === $user && false === give_logged_in_only( $post_data['give-form-id'] ) ) {
1068
1069 // Set user.
1070 $user = $valid_data['guest_user_data'];
1071 }
1072
1073 // Verify we have an user.
1074 if ( false === $user || empty( $user ) ) {
1075 return false;
1076 }
1077
1078 // Get user first name.
1079 if ( ! isset( $user['user_first'] ) || strlen( trim( $user['user_first'] ) ) < 1 ) {
1080 $user['user_first'] = isset( $post_data['give_first'] ) ? strip_tags( trim( $post_data['give_first'] ) ) : '';
1081 }
1082
1083 // Get user last name.
1084 if ( ! isset( $user['user_last'] ) || strlen( trim( $user['user_last'] ) ) < 1 ) {
1085 $user['user_last'] = isset( $post_data['give_last'] ) ? strip_tags( trim( $post_data['give_last'] ) ) : '';
1086 }
1087
1088 // Add Title Prefix to user information.
1089 if ( empty( $user['user_title'] ) || strlen( trim( $user['user_title'] ) ) < 1 ) {
1090 $user['user_title'] = ! empty( $post_data['give_title'] ) ? strip_tags( trim( $post_data['give_title'] ) ) : '';
1091 }
1092
1093 // Get the user's billing address details.
1094 $user['address'] = array();
1095 $user['address']['line1'] = ! empty( $post_data['card_address'] ) ? $post_data['card_address'] : false;
1096 $user['address']['line2'] = ! empty( $post_data['card_address_2'] ) ? $post_data['card_address_2'] : false;
1097 $user['address']['city'] = ! empty( $post_data['card_city'] ) ? $post_data['card_city'] : false;
1098 $user['address']['state'] = ! empty( $post_data['card_state'] ) ? $post_data['card_state'] : false;
1099 $user['address']['zip'] = ! empty( $post_data['card_zip'] ) ? $post_data['card_zip'] : false;
1100 $user['address']['country'] = ! empty( $post_data['billing_country'] ) ? $post_data['billing_country'] : false;
1101
1102 if ( empty( $user['address']['country'] ) ) {
1103 $user['address'] = false;
1104 } // End if().
1105
1106 // Return valid user.
1107 return $user;
1108 }
1109
1110 /**
1111 * Validates the credit card info.
1112 *
1113 * @access private
1114 * @since 1.0
1115 *
1116 * @return array
1117 */
1118 function give_donation_form_validate_cc() {
1119
1120 $card_data = give_get_donation_cc_info();
1121
1122 // Validate the card zip.
1123 if ( ! empty( $card_data['card_zip'] ) ) {
1124 if ( ! give_donation_form_validate_cc_zip( $card_data['card_zip'], $card_data['card_country'] ) ) {
1125 give_set_error( 'invalid_cc_zip', __( 'The zip / postal code you entered for your billing address is invalid.', 'give' ) );
1126 }
1127 }
1128
1129 // Ensure no spaces.
1130 if ( ! empty( $card_data['card_number'] ) ) {
1131 $card_data['card_number'] = str_replace( '+', '', $card_data['card_number'] ); // no "+" signs.
1132 $card_data['card_number'] = str_replace( ' ', '', $card_data['card_number'] ); // No spaces.
1133 }
1134
1135 // This should validate card numbers at some point too.
1136 return $card_data;
1137 }
1138
1139 /**
1140 * Get credit card info.
1141 *
1142 * @access private
1143 * @since 1.0
1144 *
1145 * @return array
1146 */
1147 function give_get_donation_cc_info() {
1148
1149 // Sanitize the values submitted with donation form.
1150 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
1151
1152 $cc_info = array();
1153 $cc_info['card_name'] = ! empty( $post_data['card_name'] ) ? $post_data['card_name'] : '';
1154 $cc_info['card_number'] = ! empty( $post_data['card_number'] ) ? $post_data['card_number'] : '';
1155 $cc_info['card_cvc'] = ! empty( $post_data['card_cvc'] ) ? $post_data['card_cvc'] : '';
1156 $cc_info['card_exp_month'] = ! empty( $post_data['card_exp_month'] ) ? $post_data['card_exp_month'] : '';
1157 $cc_info['card_exp_year'] = ! empty( $post_data['card_exp_year'] ) ? $post_data['card_exp_year'] : '';
1158 $cc_info['card_address'] = ! empty( $post_data['card_address'] ) ? $post_data['card_address'] : '';
1159 $cc_info['card_address_2'] = ! empty( $post_data['card_address_2'] ) ? $post_data['card_address_2'] : '';
1160 $cc_info['card_city'] = ! empty( $post_data['card_city'] ) ? $post_data['card_city'] : '';
1161 $cc_info['card_state'] = ! empty( $post_data['card_state'] ) ? $post_data['card_state'] : '';
1162 $cc_info['card_country'] = ! empty( $post_data['billing_country'] ) ? $post_data['billing_country'] : '';
1163 $cc_info['card_zip'] = ! empty( $post_data['card_zip'] ) ? $post_data['card_zip'] : '';
1164
1165 // Return cc info.
1166 return $cc_info;
1167 }
1168
1169 /**
1170 * Validate zip code based on country code
1171 *
1172 * @since 1.0
1173 *
1174 * @param int $zip ZIP Code.
1175 * @param string $country_code Country Code.
1176 *
1177 * @return bool|mixed
1178 */
1179 function give_donation_form_validate_cc_zip( $zip = 0, $country_code = '' ) {
1180 $ret = false;
1181
1182 if ( empty( $zip ) || empty( $country_code ) ) {
1183 return $ret;
1184 }
1185
1186 $country_code = strtoupper( $country_code );
1187
1188 $zip_regex = array(
1189 'AD' => 'AD\d{3}',
1190 'AM' => '(37)?\d{4}',
1191 'AR' => '^([A-Z]{1}\d{4}[A-Z]{3}|[A-Z]{1}\d{4}|\d{4})$',
1192 'AS' => '96799',
1193 'AT' => '\d{4}',
1194 'AU' => '^(0[289][0-9]{2})|([1345689][0-9]{3})|(2[0-8][0-9]{2})|(290[0-9])|(291[0-4])|(7[0-4][0-9]{2})|(7[8-9][0-9]{2})$',
1195 'AX' => '22\d{3}',
1196 'AZ' => '\d{4}',
1197 'BA' => '\d{5}',
1198 'BB' => '(BB\d{5})?',
1199 'BD' => '\d{4}',
1200 'BE' => '^[1-9]{1}[0-9]{3}$',
1201 'BG' => '\d{4}',
1202 'BH' => '((1[0-2]|[2-9])\d{2})?',
1203 'BM' => '[A-Z]{2}[ ]?[A-Z0-9]{2}',
1204 'BN' => '[A-Z]{2}[ ]?\d{4}',
1205 'BR' => '\d{5}[\-]?\d{3}',
1206 'BY' => '\d{6}',
1207 'CA' => '^[ABCEGHJKLMNPRSTVXY]{1}\d{1}[A-Z]{1} *\d{1}[A-Z]{1}\d{1}$',
1208 'CC' => '6799',
1209 'CH' => '^[1-9][0-9][0-9][0-9]$',
1210 'CK' => '\d{4}',
1211 'CL' => '\d{7}',
1212 'CN' => '\d{6}',
1213 'CR' => '\d{4,5}|\d{3}-\d{4}',
1214 'CS' => '\d{5}',
1215 'CV' => '\d{4}',
1216 'CX' => '6798',
1217 'CY' => '\d{4}',
1218 'CZ' => '\d{3}[ ]?\d{2}',
1219 'DE' => '\b((?:0[1-46-9]\d{3})|(?:[1-357-9]\d{4})|(?:[4][0-24-9]\d{3})|(?:[6][013-9]\d{3}))\b',
1220 'DK' => '^([D-d][K-k])?( |-)?[1-9]{1}[0-9]{3}$',
1221 'DO' => '\d{5}',
1222 'DZ' => '\d{5}',
1223 'EC' => '([A-Z]\d{4}[A-Z]|(?:[A-Z]{2})?\d{6})?',
1224 'EE' => '\d{5}',
1225 'EG' => '\d{5}',
1226 'ES' => '^([1-9]{2}|[0-9][1-9]|[1-9][0-9])[0-9]{3}$',
1227 'ET' => '\d{4}',
1228 'FI' => '\d{5}',
1229 'FK' => 'FIQQ 1ZZ',
1230 'FM' => '(9694[1-4])([ \-]\d{4})?',
1231 'FO' => '\d{3}',
1232 'FR' => '^(F-)?((2[A|B])|[0-9]{2})[0-9]{3}$',
1233 'GE' => '\d{4}',
1234 'GF' => '9[78]3\d{2}',
1235 'GL' => '39\d{2}',
1236 'GN' => '\d{3}',
1237 'GP' => '9[78][01]\d{2}',
1238 'GR' => '\d{3}[ ]?\d{2}',
1239 'GS' => 'SIQQ 1ZZ',
1240 'GT' => '\d{5}',
1241 'GU' => '969[123]\d([ \-]\d{4})?',
1242 'GW' => '\d{4}',
1243 'HM' => '\d{4}',
1244 'HN' => '(?:\d{5})?',
1245 'HR' => '\d{5}',
1246 'HT' => '\d{4}',
1247 'HU' => '\d{4}',
1248 'ID' => '\d{5}',
1249 'IE' => '((D|DUBLIN)?([1-9]|6[wW]|1[0-8]|2[024]))?',
1250 'IL' => '\d{5}',
1251 'IN' => '^[1-9][0-9][0-9][0-9][0-9][0-9]$', // India.
1252 'IO' => 'BBND 1ZZ',
1253 'IQ' => '\d{5}',
1254 'IS' => '\d{3}',
1255 'IT' => '^(V-|I-)?[0-9]{5}$',
1256 'JO' => '\d{5}',
1257 'JP' => '\d{3}-\d{4}',
1258 'KE' => '\d{5}',
1259 'KG' => '\d{6}',
1260 'KH' => '\d{5}',
1261 'KR' => '\d{3}[\-]\d{3}',
1262 'KW' => '\d{5}',
1263 'KZ' => '\d{6}',
1264 'LA' => '\d{5}',
1265 'LB' => '(\d{4}([ ]?\d{4})?)?',
1266 'LI' => '(948[5-9])|(949[0-7])',
1267 'LK' => '\d{5}',
1268 'LR' => '\d{4}',
1269 'LS' => '\d{3}',
1270 'LT' => '\d{5}',
1271 'LU' => '\d{4}',
1272 'LV' => '\d{4}',
1273 'MA' => '\d{5}',
1274 'MC' => '980\d{2}',
1275 'MD' => '\d{4}',
1276 'ME' => '8\d{4}',
1277 'MG' => '\d{3}',
1278 'MH' => '969[67]\d([ \-]\d{4})?',
1279 'MK' => '\d{4}',
1280 'MN' => '\d{6}',
1281 'MP' => '9695[012]([ \-]\d{4})?',
1282 'MQ' => '9[78]2\d{2}',
1283 'MT' => '[A-Z]{3}[ ]?\d{2,4}',
1284 'MU' => '(\d{3}[A-Z]{2}\d{3})?',
1285 'MV' => '\d{5}',
1286 'MX' => '\d{5}',
1287 'MY' => '\d{5}',
1288 'NC' => '988\d{2}',
1289 'NE' => '\d{4}',
1290 'NF' => '2899',
1291 'NG' => '(\d{6})?',
1292 'NI' => '((\d{4}-)?\d{3}-\d{3}(-\d{1})?)?',
1293 'NL' => '^[1-9][0-9]{3}\s?([a-zA-Z]{2})?$',
1294 'NO' => '\d{4}',
1295 'NP' => '\d{5}',
1296 'NZ' => '\d{4}',
1297 'OM' => '(PC )?\d{3}',
1298 'PF' => '987\d{2}',
1299 'PG' => '\d{3}',
1300 'PH' => '\d{4}',
1301 'PK' => '\d{5}',
1302 'PL' => '\d{2}-\d{3}',
1303 'PM' => '9[78]5\d{2}',
1304 'PN' => 'PCRN 1ZZ',
1305 'PR' => '00[679]\d{2}([ \-]\d{4})?',
1306 'PT' => '\d{4}([\-]\d{3})?',
1307 'PW' => '96940',
1308 'PY' => '\d{4}',
1309 'RE' => '9[78]4\d{2}',
1310 'RO' => '\d{6}',
1311 'RS' => '\d{5}',
1312 'RU' => '\d{6}',
1313 'SA' => '\d{5}',
1314 'SE' => '^(s-|S-){0,1}[0-9]{3}\s?[0-9]{2}$',
1315 'SG' => '\d{6}',
1316 'SH' => '(ASCN|STHL) 1ZZ',
1317 'SI' => '\d{4}',
1318 'SJ' => '\d{4}',
1319 'SK' => '\d{3}[ ]?\d{2}',
1320 'SM' => '4789\d',
1321 'SN' => '\d{5}',
1322 'SO' => '\d{5}',
1323 'SZ' => '[HLMS]\d{3}',
1324 'TC' => 'TKCA 1ZZ',
1325 'TH' => '\d{5}',
1326 'TJ' => '\d{6}',
1327 'TM' => '\d{6}',
1328 'TN' => '\d{4}',
1329 'TR' => '\d{5}',
1330 'TW' => '\d{3}(\d{2})?',
1331 'UA' => '\d{5}',
1332 'UK' => '^(GIR|[A-Z]\d[A-Z\d]??|[A-Z]{2}\d[A-Z\d]??)[ ]??(\d[A-Z]{2})$',
1333 'US' => '^\d{5}([\-]?\d{4})?$',
1334 'UY' => '\d{5}',
1335 'UZ' => '\d{6}',
1336 'VA' => '00120',
1337 'VE' => '\d{4}',
1338 'VI' => '008(([0-4]\d)|(5[01]))([ \-]\d{4})?',
1339 'WF' => '986\d{2}',
1340 'YT' => '976\d{2}',
1341 'YU' => '\d{5}',
1342 'ZA' => '\d{4}',
1343 'ZM' => '\d{5}',
1344 );
1345
1346 if ( ! isset( $zip_regex[ $country_code ] ) || preg_match( '/' . $zip_regex[ $country_code ] . '/i', $zip ) ) {
1347 $ret = true;
1348 }
1349
1350 return apply_filters( 'give_is_zip_valid', $ret, $zip, $country_code );
1351 }
1352
1353 /**
1354 * Validate donation amount and auto set correct donation level id on basis of amount.
1355 *
1356 * Note: If amount does not match to donation level amount then level id will be auto select to first match level id on basis of amount.
1357 *
1358 * @param array $valid_data List of Valid Data.
1359 *
1360 * @return bool
1361 */
1362 function give_validate_donation_amount( $valid_data ) {
1363
1364 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
1365
1366 /* @var Give_Donate_Form $form */
1367 $form = new Give_Donate_Form( $post_data['give-form-id'] );
1368
1369 // Get the form currency.
1370 $form_currency = give_get_currency( $post_data['give-form-id'] );
1371
1372 $donation_level_matched = false;
1373
1374 if ( $form->is_set_type_donation_form() ) {
1375
1376 // Sanitize donation amount.
1377 $post_data['give-amount'] = give_maybe_sanitize_amount( $post_data['give-amount'], array( 'currency' => $form_currency ) );
1378
1379 // Backward compatibility.
1380 if ( $form->is_custom_price( $post_data['give-amount'] ) ) {
1381 $post_data['give-price-id'] = 'custom';
1382 }
1383
1384 $donation_level_matched = true;
1385
1386 } elseif ( $form->is_multi_type_donation_form() ) {
1387
1388 $variable_prices = $form->get_prices();
1389
1390 // Bailout.
1391 if ( ! $variable_prices ) {
1392 return false;
1393 }
1394
1395 // Sanitize donation amount.
1396 $post_data['give-amount'] = give_maybe_sanitize_amount( $post_data['give-amount'], array( 'currency' => $form_currency ) );
1397 $variable_price_option_amount = give_maybe_sanitize_amount( give_get_price_option_amount( $post_data['give-form-id'], $post_data['give-price-id'] ), array( 'currency' => $form_currency ) );
1398 $new_price_id = '';
1399
1400 if ( $post_data['give-amount'] === $variable_price_option_amount ) {
1401 return true;
1402 }
1403
1404 if ( $form->is_custom_price( $post_data['give-amount'] ) ) {
1405 $new_price_id = 'custom';
1406 } else {
1407
1408 // Find correct donation level from all donation levels.
1409 foreach ( $variable_prices as $variable_price ) {
1410
1411 // Sanitize level amount.
1412 $variable_price['_give_amount'] = give_maybe_sanitize_amount( $variable_price['_give_amount'] );
1413
1414 // Set first match donation level ID.
1415 if ( $post_data['give-amount'] === $variable_price['_give_amount'] ) {
1416 $new_price_id = $variable_price['_give_id']['level_id'];
1417 break;
1418 }
1419 }
1420 }
1421
1422 // If donation amount is not find in donation levels then check if form has custom donation feature enable or not.
1423 // If yes then set price id to custom if amount is greater then custom minimum amount (if any).
1424 if ( $post_data['give-price-id'] === $new_price_id ) {
1425 $donation_level_matched = true;
1426 }
1427 } // End if().
1428
1429 if ( ! $donation_level_matched ) {
1430 give_set_error(
1431 'invalid_donation_amount',
1432 sprintf(
1433 /* translators: %s: invalid donation amount */
1434 __( 'Donation amount %s is invalid.', 'give' ),
1435 give_currency_filter(
1436 give_format_amount( $post_data['give-amount'], array( 'sanitize' => false, ) )
1437 )
1438 )
1439 );
1440 }
1441 }
1442
1443 add_action( 'give_checkout_error_checks', 'give_validate_donation_amount', 10, 1 );
1444
1445 /**
1446 * Validate Required Form Fields.
1447 *
1448 * @param int $form_id Form ID.
1449 *
1450 * @since 2.0
1451 */
1452 function give_validate_required_form_fields( $form_id ) {
1453
1454 // Sanitize values submitted with donation form.
1455 $post_data = give_clean( $_POST ); // WPCS: input var ok, sanitization ok, CSRF ok.
1456
1457 // Loop through required fields and show error messages.
1458 foreach ( give_get_required_fields( $form_id ) as $field_name => $value ) {
1459
1460 // Clean Up Data of the input fields.
1461 $field_value = $post_data[ $field_name ];
1462
1463 // Check whether the required field is empty, then show the error message.
1464 if ( in_array( $value, give_get_required_fields( $form_id ), true ) && empty( $field_value ) ) {
1465 give_set_error( $value['error_id'], $value['error_message'] );
1466 }
1467 }
1468 }
1469
1470 /**
1471 * Validates and checks if name fields are valid or not.
1472 *
1473 * @param array $post_data List of post data.
1474 *
1475 * @since 2.1
1476 *
1477 * @return void
1478 */
1479 function give_donation_form_validate_name_fields( $post_data ) {
1480
1481 $is_alpha_first_name = ( ! is_email( $post_data['give_first'] ) && ! preg_match( '~[0-9]~', $post_data['give_first'] ) );
1482 $is_alpha_last_name = ( ! is_email( $post_data['give_last'] ) && ! preg_match( '~[0-9]~', $post_data['give_last'] ) );
1483
1484 if ( ! $is_alpha_first_name || ( ! empty( $post_data['give_last'] ) && ! $is_alpha_last_name ) ) {
1485 give_set_error( 'invalid_name', esc_html__( 'The First Name and Last Name fields cannot contain an email address or numbers.', 'give' ) );
1486 }
1487 }
1488